CISSP is like studying law ... you have to swot a shitload of stuff, while the practical ones like GIAC or Offensive Security aim for a deep understanding of complex interaction and long-term experience within hands-on security. Imho it's easier to get ready for a governance position than a practical security engineer position.
@g milne well, I don't think of CISSP as horseshit. What I said is it's like studying law. You have to get an understanding of a shitload of material (I mean the quantity by this term), while the other ones are practical and thus you have to get a deep understanding of the logical ongoings within IT systems. I see it as extensive vs. complex, while neither misses the other part. And each has its authorization.
I've got Net+, Sec+ and CySA+... passed all three exams the first time I took them. Scheduled for CISSP in September! I have over 9 yrs of IT experience. I have several friends that have passed CISSP on the first try. They all say don't answer the questions from a "technician's" point of view, answer them from a "manager's" point of view!
Exactly, look at the CISSP from an InfoSec manager's perspective, not an IT tech perspective. I passed on my 1st try at 100 questions with around 3 weeks of cram studying. Kelly Handerhan's "Why you will pass the CISSP" and the Kirk and Spock CISSP RU-vid videos are a must watch for anyone prepping for the CISSP.
OSCP is generally considered to be an entry-level pentest qualification. It's very common to complete it with less than 1 yr of pen experience; there are tons of way harder exams around.
They should've said OSCE3 rather than OSCP, or since OSCE3 technically consists of 3 exams, they could've said one of them, or even better, OSEE. Weird that they said OSCP is the #2 hardest exam when OffSec has multiple more advanced ones that are supposed to stem from foundational knowledge within the OSCP.
It does not matter which is tough, it matters which is most widely valued in the market. I personally think CISSP is the most valuable information security certification. I have seen many of my colleagues get 40 to even 100 percent increases in their salaries after this beast of a certification!
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
I just passed the CISSP on the first try - you must think, as he said, like management while having enough technical experience to know how that colors the responses. It was exhausting, but worth it. Deep prep and practice is a must.
Roger that, and congrats on your CISSP. I took the CISSP back in 2015 and up to that point, it was the hardest exam I ever took. I would say 90% of it was focused around the "management perspective" of Cybersecurity, but there were a lot of technical-based questions that, if you didn't understand the configuration or system in question, you couldn't answer the management-type question. Prior to taking my exam, I had been in Cybersecurity for approx 20 years by that point and got all the lower-tier certs in the field, but yes, the CISSP was tough, IMO. I took the 6-hour, sit-in-a-classroom-being-watched-the-entire-time exam. I have my OSCP as well, but this was def a more technical exam. Also, it wasn't that "tough" other than the 24-hour period you have to do all that you can do in.
@Mak100ish The CISM and the CISSP are similar in ways, but the CISM is def a more "management" type exam/questions. Both are excellent certs to have in Cybersecurity, but I've often read that the CISSP is more sought via automated CR/Resume searches. I have my CISSP, debating getting my CISM. Unsure it is really needed once you have one or the other. Good luck in your studies! Go get it!
The major problem with this is, most companies have outdated hardware and security practices. And when you inform them that they are still using a decade-old system, they respond with, "We can not afford to update." But yet they want their company to depend on such security backbone systems. And not if, but when it breaks, guess what, you'll be the one to blame. Most if not all of the pencil pushers don't know about networking, so to them they don't care. They just want it to work, they don't care how, but they also won't update the system to today's standards. So when you walk into a company and they are still using Windows XP and won't update, when they are still using 1980s hardware and won't update, when they tell you, "Just make it work".... there is only one thing to do: walk out and never come back.... If companies want proper security, they are going to have to learn the hard way. Update your security system infrastructure or I'm out the door. Plain and simple.
@Ogzay202 www.google.com/amp/s/www.techrepublic.com/google-amp/article/its-2019-and-one-third-of-businesses-still-have-active-windows-xp-deployments/ They claim a third of companies still have a few machines with XP on them. What people don't realize is things like oscilloscopes from 15 years ago are running on XP. ATMs and so on.
Wrong answer. You will need to support the company and its goals. There are many ways to deal with risk. Sometimes the cost of mitigating the risk is higher than the expected loss. I wouldn't walk out. If the pay was good enough, I would stay and help them better themselves in whatever way the company can. Defense in depth is a good way to look at it.
I did CISSP, read the book 3 times and took several courses, failed the first attempt and passed the second one, but these others look like real monsters. I did CISM after it and am now studying CCSP. Hopefully I get a good job one day or eventually migrate to a proper country.
@francis2k488 Worked several years in a managed service provider which had several clients, so I did so many diverse tasks that I was able to get the experience requirement.
@dieglhix, I get it now. I am in the same position as you (previously worked with an MSP for over 6 years). I currently work as a cyber security analyst and still do some GRC work. Thanks for sharing your experience. I am currently studying for the CISSP exam and hope to do CCSK alongside.
@francis2k488 There is a very nice CISSP course here on RU-vid, it's called Skillset CISSP. It was made in 2016 but it's still pretty good aside from the lack of GDPR stuff.
There is a point in time where I just looked at the cost to be called a "professional" vs. my skill as "someone that can do stuff, I guess" and realized that in the end it is not the difficulty that pushes many, many people away, it is the overall cost of becoming a "professional", and yet many, many companies don't use "professionals" because it boils down to cost again. This is why cloud is winning and private servers are slowly becoming a thing of the past for many companies of all sizes.
You can clear CISM & All Network exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
You have a point. Automation in IT... in the next 10 years is going to WIPE IT Operations off the map!!! Why ask a certified Cisco guy to implement a command when you can automate using Chef?
It's not. All the CompTIA security certs are considered basic/rudimentary knowledge. Friends of mine working as pentesters have said OSCP is really just the beginning
Makes them money. To be fair, over time it's become better, but it still doesn't test technical competency. You can pass and not know how to secure RHEL.
@for2utube Yes. I took the new 601 Sec+, which aspires a tad more toward covering more of the CISSP's said mileage than its 501 predecessor. It's more difficult, but it's still principally conceptual. It allows one to speak the language and grow within the industry accordingly. That said, it was not only my first CompTIA cert but my first IT-sec cert of any kind; and I passed it first attempt. However I did leverage studying a bit during the lockdowns of 2020... for 501; and then switched course in December 2020 for 601. This was and is advised against by most instructors for the exam. But, upon careful reflection, I didn't want to be an extra iteration of the exam behind come time to recert (especially given a variance of nearly 50% between the 501 and 601).
This is an area of IT where there really isn't a door open enough to put a foot in. A lot of companies don't care about the certifications, they care about time spent using them. There really isn't an entry level to this market, and that can be frustrating. I'm currently learning that.
OSCP holder here. The exam is not a "massive virtual environment", the *course labs* are the massive labs, because they are meant to be a free range to experiment with a multitude of techniques. The exam lab is a small number of machines. I'm not sure if I'm allowed to disclose the exact number but I will say it's in the single digits.
Also, the proctoring includes not just your webcam, but screen-sharing software. This is because you are allowed to turn off your webcam when taking breaks, but the screen share is to make sure you aren't working on the lab after you said you were on break. The concern is that people have been cheating the OSCP by having someone more skilled stand over their shoulder and tell them what to do. The webcam is to make sure you are alone.
The community college at which I work is developing a Cyber Security program that will result in either a certificate or an Associate Degree in Cyber Security or Networking. The two will overlap significantly. By the time the student receives their certificate or Associate Degree, which FOUR certifications should they HOLD? I figure one certification test per semester is a good goal for most students. We have a Pearson Vue testing center on campus as well.
OSCP is not their hardest cert. It is the entry level of the OffSec pen testing certs. Sure, it's 24 hours, but they have 2x 48hr cert exams and a 72hr one that requires attendance at a course during Black Hat in Vegas...
I had to get OSCP to get a job, so in the UK it's classed as a gateway cert. Then you need to sit through CREST exams to do certain work, and they are harder.
CISSP is not hard at all. It is just bulky. In the case of CCIE, yes, it is hard, but CCIE is all about netsec, not sec itself. CyberOps is not ready yet. OSCP is also hard, but OSCP is not the hardest cert given by OffSec. For a sec specialist it is crucial to know Linux and networking at a very good level. I am not talking about vendors, I am talking about permissions, services, firewalls, protocols, how to attack, maybe some tools. It is also nice to have some knowledge of managerial aspects.
LORD NIGHTSHIELD I agree with this. There's a bunch of stuff to learn in CISSP. Did you know, for instance, flip-flops are found in static RAM, capacitors in dynamic?! 😜 But if you can remember junk like this then you'll be fine.
ross alexander I cannot imagine anyone failing CISSP due to not knowing that. 1/ A low-level question is highly unlikely to come up on the exam. You are supposed to have a good understanding of broad subjects, not be a specific expert in one field. 2/ If it comes up (still unlikely) it would just be one missed question.
randomgeocacher I think you misunderstand me. I did not say you will fail if you don't know that! I was demonstrating one insignificant little fact you learn as part of the CBK, the point being there's a heck of a lot of wide-ranging knowledge to take in.
(Edit: apparently some testing centers have changed format, which makes efficient use of time/effort harder. Unfortunately.) How to pass CISSP and other many-questions style exams: 1. Know the subjects. 2. Complete all easy questions quickly. 3. Revisit all hard questions (questions you didn't understand etc.) a couple of times. 4. Make a couple of safety checks, just double check everything. Now you are done, hours ahead, and likely will succeed. I think there is a big myth about "the special nature" of CISSP questions promoted by authors of books/courses/training exams. All of those weird mind tricks and hidden traps in the questions, I didn't find any such crap in the actual exam. 90% were plain questions just checking if you knew the subject matter, and maybe 10% were hard in some manner (needed you to make an intelligent decision from the scenario presented). I didn't find any question where, once you understood it, the answer wasn't obvious. So it is a big exam on a huge subject matter, but there is imho nothing strange or hard about the questions.
Tony Martins hrrm, iirc it was their facility in Stockholm where I took my certification many years ago. Makes you wonder if it is a change or if testing facilities differ per country.
The CISSP exam was written by demented lawyers... A total mind f--- from beginning to end. Studied my a-- off for 12 months and still struggled through it.
LOL quite true. I'd prepped for at least two years, was prepared for the most rigorous of difficulty, and instead was faced with "what is the *best*" options about word salad questions.
As someone who has the OSCP and various Cisco certs, I would happen to agree with you. That said, the 48-hour OSEP exam might be up there now, although I get different opinions about that one too. The CCIE looks to be one of the toughest exams around.
The CompTIA track is the least challenging and gives you rudimentary knowledge. EC-Council CEH is about on par with CompTIA Pentest+. Sure they require a little work but you're only starting out. You also should be very comfortable with Windows administration, Linux administration and networking and be learning shell scripting and Python...
Question, honestly: is CISSP applicable (in a broad sense) outside of the US? I would like to tackle it, but only if it is in demand abroad, specifically Latin America and non-EU Eastern Europe? Debating…
Just passed the Sec+ 601 exam. It was tough even though I have some skills in IT sec from college and work. I think the English language level was also a factor in the difficulty.
I don't argue that CCIE Security is hard as nails. But what is the value of it if you are not using Cisco's security products? What if I am using products from Palo Alto, F5 and Microsoft to secure my company?
Almost 10 years after passing and I still remember how annoying taking the CCIE Sec was. Totally worth it, but it SUCKED. You gotta embrace the suck to pass. :)
It's an interesting field; the problem with it is that 100% protection from breaches is impossible, and if management doesn't understand that simple principle, when you DO suffer a large breach you're screwed. It's like a lot of IT jobs: you only get noticed when things go wrong, you don't get noticed for the 99% of things you keep right unless you have good managers.
Pretty much every day I'm waiting for "the big one" and know that in the end I'm just there to get blamed for getting pwned. The upside is we get paid really well, deal with the devil and all that.
@Drum8888 The most important thing you need to make management understand is that with breaches it's not a question of "if" but rather a question of "when". You need to prepare for that "when" as best as you can, so when it happens your systems and processes are prepared and you are able to react swiftly and minimize the damage.
CISSP was the only exam when I started. I think my number was in the hundreds back then, and it was hard and done on paper with a very long turnaround time to be graded. It also required that the person show and document experience in the field. Seems all that is gone now.
All ISC certs require docs from your employer in order to prove that you are into IT Sec on a daily basis, even the easiest ones. For CISSP, you have to work in the industry for 5 or 7 years (don't remember). You can pass it much earlier, though, but you will not get a certificate. My colleague passed CISSP and waited more than a year for the cert in order to meet ISP requirements. If someone has a friend who already did something from ISC, he or she can invite you to the ISC platform, and it is also a chance to prove your IT sec profession without providing docs from your employer.
Funny that you mention the OSCP as second hardest since it's the entry-level Offensive Security cert; there are several specializations and more difficult levels beyond: OSCE, OSEE...
I was going to say the same, but I figured that perhaps they classified this as pentesting certs, maybe? Who knows. But I think anyone in the OffSec world knows that OSEE is probably the hardest cert out there. 72 hours of Windows 32- and 64-bit exploitation. Wonder how many OSEEs there are in the world.
@zephyfoxyTensho You are probably right. As far as I know, there are only a very few labs for OSEE (Black Hat was booked out within seconds last year ^^), which is mandatory to get into the certification process. Therefore I guess there are only a few hundred holding this cert. I guess I will just ask them :)
He probably means the 4 hardest mortals can achieve... why bother with god-level certs. The thought of OSCE probably made him look away from that category to even mention it. I'll be at the front door at the end of the year lined up to take my OSCE.
Considering the following certifications: CISSP vs OSCP vs GPEN vs GIAC + GSEC + GCIA = GSE vs OSEE where would you personally rank each course in comparison to others?
I am CISA, the most accepted and useful; I suggest getting it, the rest is not much generally accepted. Others: COBIT 5 and ISO/IEC 27001. If you have my certificate you can have big salaries.
Please, how do I get the CISM? Is it through a 2-year associate degree in information systems technology/cybersecurity, or a four-year degree, or just the certifications?
@plogoo1 I'm at a crossroads. Just finished the course (on demand) but it took me 3 1/2 months to get through. Honestly don't think I can index books and take the cert in the little remaining time (2 weeks) I have left. Learned a valuable lesson, though. Never take an on-demand course with SANS if you want to get the cert. The clock starts on day 1, not when you finish.
Thoughts on Security+? I have about two weeks left of it in my college course (workforce return-to-education offering) and I am already intimidated to sit for the exam.
@JerseyJeff84 So I just got back from the exam. I seriously thought I was going to fail because I just started studying hard this week. I was basically guessing (guess I'm a good guesser?), but it helped that I knew the performance-based. I am happy to say I passed! Yay!
It's really not that hard, man. I had no experience in IT and passed the first try. I'm not a genius or anything. I'm military and retrained into the IT/Comm career field, and the last portion of the school was you had to pass Security+ and only had 2 weeks to study/take/pass. Just give yourself time, take it seriously, and sit down and study; you'll be fine. Trust me.
For those of us who want to start a career in IT, which certs are better? CompTIA, Cisco or Microsoft? I had to take a crash course on System Admin (very basic) in order to get a job, and my trainer told me that Microsoft's certs have better value today as most IT services are moving to the cloud, so you can get networking or security certs that are related to that cloud environment. Any tips or advice will be greatly appreciated.
I don't believe there is a certificate more difficult than CCIE, because CCIE is a combination of theory and practical, and practical means implementation and troubleshooting, and troubleshooting means you must be an expert in every technology with hands-on, and the scope of the certification is quite big. You can pass CISSP in 4 months, but you need 2 years to pass CCIE. But there might be certificates much more worthy than CCIE.
The majority of the GIAC guys I've seen were either pen testers for private/contract companies or (I was in the Army as a Cyber guy) all the Red Team guys had GIAC certs under their belts. So usually these cyber guys are on the offensive/grey hat/white hat side of the house... from my experience.
@winds1010 Pretty much the same, just better at Python and C++, marginally. Got a free pass for the first year thanks to COVID, won't be as lucky this year.
@cbtnuggets By the way, John is not my real name, it's just a fake account that I made for privacy....... Other than this, thank you CBT Nuggets, you guys are just awesome.... ❤️
I did my CISSP back in 2010 I think, when they used to send out examiners instead of doing it online. I bought the Sybex book I think it was (remember Sybex books were so popular in the day), read that for 6 weeks, then had a crack at it; after 4 hours I walked out and thought I had failed, but I passed. It's a hell of an exam, but now that it can be done online I am sure there are plenty of lab centers that don't have cameras on and allow people to cheat it, like all the MCSEs etc. I found once in Shanghai when I did an MS cert the test center asked for my ID but didn't care if I took in my bag, phone, pen etc. Useless.
The CISSP isn't online... even during COVID - www.isc2.org/Notice/COVID-19-Response-Online-Exams# - You have to submit to multiple palm scans before you can start your test and after you finish your test to verify your identity....
Can attest, I hold the CISSP and sat for the OSCP and after 22 hours straight, I couldn't crack the final box to pass. Hundreds of hours went into practicing on their VPN and still, couldn't pass it.
I don't care how many certs you have. They all depend on where you want to be in security. I, myself, am a pen tester that specializes in VM and Threat. I also write entire security programs from scratch. So a CISSP and an OSCP will benefit me more, with a sprinkle of CISM and CRISC. Security at the end of the day is purely about risk. That is what separates us from IT. We just use technology to do our jobs. And yes, I have all 4 of those certs.
So what career steps can you take while you are waiting for that 5-year experience to enter Cybersecurity? I'm studying for my A+ right now, but I don't want to be on the helpdesk for more than 2 years. Are there any options outside of second-line support and system admin that I can aspire to while I gather the experience for the 5 years minimum exp?
@forextradealgorithm1386 Hey. To be honest, I'm no longer looking to enter cybersecurity. I did 1 year in help desk and now I am in a NOC role and will probably try to land a role in devops in another year or so. But in my opinion, if you want to land a role in cybersecurity, it would help to have some networking fundamentals and some coding or scripting skills if you don't already.
@j6873 Ayy, much appreciated for your input on this... Was currently studying for the CCNA, then hopefully get into cyber security.... So hearing you say that about networking makes me feel happy. Good fortunes in your endeavours. And thank you once more.🙏
Comparing these three certs with CCIE is absurd. You have to gain knowledge for 4-6 months for CCNA, then 5-6 months for CCNP, and after months/years pass a CCIE, whose exam costs 1600 EUR plus travel costs going to Europe (Brussels) and taking an 8h exam with a slim chance of passing. Comparing OSCP, you need ~3 months to pass. CISSP you can buy dumps and pass it. GIAC ~4 months.
It's almost impossible to dump a CISSP cert; the more questions you get correct, the harder the questions become, and most of them will not be in the practice guides, plus they audit you at random every year, and if they even suspect that you tried to dump the exam they will pull it from you. The man in the video also left out, in regards to the GIAC Security Expert cert, that you must have at least 1300 white papers published, and I believe there are only 9 people on the entire planet who have actually passed that certification.
I lost all my respect for CISSP when I saw a fresh (less than 6 months) CISSP struggle to distinguish between the risk for confidentiality and integrity. And even after I tried to argue with him, he would not understand it. Risk for C was low, risk for I was high. He argued risk for C should also be high, because if someone gets the credentials and then logs into the application to alter the content, there would be high damage.
Roger that, your explanation makes sense. As a CISSP, I have to admit, I have worked with other CISSPs that I was like "WTF are you talking about?" You CAN have a low risk C and a high risk I for a system. Confidentiality primarily covers "if data were to get out, how would it affect the company/organization?" While Integrity deals with "if the data was changed, how would it affect the company/org?" There are many instances where you could have a LHH or LHM for your CIA classification. It all depends on the data you're protecting.
Great content! Now I know which certificates I should go for initially and then move on to the tougher ones. A small doubt though, I have recently taken up a ISP course at EC Council University out of passion and interest but now I am clueless on what course or project to take next to have a career in cyber security. Could you help me decode this? Thanks!
Hi, Ria! Many will try to gain experience in pentest, which the EC-Council and CompTIA have good certifications for. Another is CISSP, which is always a slam dunk for an applicant to have. The key is to continue to grow and never stop learning. Some will focus on cloud security and do the AWS or Azure security track. Or security vendors such as Palo Alto, Check Point, or Cisco. There are so many options and areas of focus, we recommend reaching out to communities with veterans in the industry to learn more about each path. Hope that helps!
CCIE takes a lot of real-world experience, and you'd have to first get CCNA Security and CCNP Security before even thinking of CCIE. It's a very long journey to CCIE.
Oh man, CISSP... we really need some CBT lessons on that one, especially for the new CAT exam since the adjustment made in April 2018. I know skilled security people who failed the new CAT exam, and I know people who got it as their first IT certification ever and on their first try without being skilled in security. Something is wrong with it... it really scares me, it's like a gambling certification. Any advice please?
Passed, but honestly thought I had failed going through the exam and reaching question 150. I was so relieved reading "Congratulations" on that printout. Kelly Handerhan's course on Cybrary is a must to complement your study material!
OSCE, and yes, definitely harder than some of the ones listed here, but OffSec has so many high-level pentesting certs that they'd practically dominate the list, so I guess they wanted diversity?
So true. I passed CISSP and Security+ on the first try.... What took me down, you ask??? SPLUNK Certified Core User🤯 Just passed today... after failing twice... Why, you ask??? #1 didn't take it seriously.... #2 didn't study... I decided to do BOTH this time... and passed... Who knew??? Studying, HaH!, lol
@When_Disaster_Strikes In retrospect, I should've just gone for Power... I think that Splunk Fundamentals 2 actually helped me to digest the concept... But now that you mention it, Splunk 2 also covers the Power User... ugh😔
With GSEC, GCIH, GCIA I still wouldn't feel anywhere near GSE; that's why people have 8 or more GIAC certs before even attempting that, and must revise those certs for maybe a yr or 2 also...
Yeah, I'm in the same boat, because GIAC certs are not that tough but they are very costly, and for GSE you have to pass 3 certs, so that's why there are very few people who hold GSE.
@michaelgomez3238 Hi, thanks, but I don't think I have seen the specific information I asked about in the link you provided. I'd like to know the most sought-after cyber security course among those you have talked about, thanks.
@valt2305 Cyberseek does not show demand data for all 4 shown in this video. However, Cyberseek indicates CISSP is the certification most listed in job openings. And to clarify, I am not the person that can take credit for providing the video.
I have the OSCP cert. To be honest, it was not as hard as this video described. Normal sleeping and 70/100 is enough to pass. This was not as easy as having a nugget, but one should not consider this to be HARD at all.
CISM by ISACA is more management-based than the CISSP. CISSP is a mix of technical and management, but they drill into your head to "think like a manager" for the test. I found the CISSP to be easier than the CISM because the CISM was so boring to try to study for.